scanning-docker-images-with-trivy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an example that embeds credentials inline in a command (TRIVY_USERNAME=user TRIVY_PASSWORD=pass trivy image ...), which is an insecure pattern that would require the agent to place secret values verbatim into generated shell commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly scans arbitrary public/container registry images (e.g., SKILL.md examples like "trivy image python:3.12-slim" and scripts/process.py which accepts an image reference and scans registry images), parses untrusted, user-supplied scan output (vulnerability/misconfiguration/description fields), and makes policy decisions (fail/pass deployment) based on those parsed results—therefore it ingests third-party content that can materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). It explicitly instructs running sudo and editing system files (adding apt repository and keyring, apt installs), which requests elevated privileges and modifies the machine's state.